handling IRPs 13: I/O Control Codes (IOCTLs)

最新推荐文章于 2018-10-03 09:22:00 发布
最新推荐文章于 2018-10-03 09:22:00 发布
阅读量1k 收藏
点赞数
分类专栏: 驱动开发
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/sunboyhch/article/details/9102383
版权

The I/O Manager sends an I/O control code (IOCTL) as part of the IRP for requests other than read or write requests. An IOCTL is a 32-bit control code that identifies an I/O or device operation. Requests that specify IOCTLs can have both input and output buffers.

The operating system supports two types of IOCTLs, which are sent in two different IRPs:

·         IRP_MJ_DEVICE_CONTROL requests can be sent from user mode or kernel mode. These requests are sometimes called public IOCTLs.

·         IRP_MJ_INTERNAL_DEVICE_CONTROL requests can be sent by kernel-mode components only. These requests are typically used for driver-to-driver communication and are sometimes called private IOCTLs.

 

For an IOCTL, the transfer mechanism is specified in theMethodfield of the control code. IOCTLs support the following transfer mechanisms:

·         METHOD_BUFFERED

·         METHOD_OUT_DIRECT

·         METHOD_IN_DIRECT

·         METHOD_NEITHER

 

METHOD_BUFFERED IOCTLs

In a METHOD_BUFFERED IOCTL, like a buffered read or write request, data transfer is performed through a copy of the user’s buffer passed in theIrp‑>AssociatedIrp.SystemBuffer field. The lengths of the input and output buffers are passed in the driver’s IO_STACK_LOCATION structure in theParameters.DeviceIoControl.InputBufferLength field and theParameters.DeviceIoControl.OutputBufferLength field. These values represent the maximum number of bytes the driver should read or write in response to the buffered IOCTL.

METHOD_BUFFERED IOCTLs are the most secure IOCTLs because the buffer pointer is guaranteed to be valid and aligned on a natural processor boundary, and the data in the buffer cannot change.

The I/O Manager does not zero-initialize the output buffer before issuing the request. The driver is responsible for writing either valid data or zeroes in the output buffer up to the return byte count it specifies in the Irp->IoStatus.Information field. Failing to write valid data or zeroes could result in returning private kernel data to the user-mode application. Because this data could belong to another user, this error is considered a breach of system security.

METHOD_OUT_DIRECT IOCTLs

An IOCTL that specifies METHOD_OUT_DIRECT or METHOD_DIRECT_FROM_HARDWARE represents a read operation from the hardware. METHOD_OUT_DIRECT and METHOD_DIRECT_FROM_HARDWARE can be used interchangeably.

In METHOD_OUT_DIRECT requests, theIrp‑>AssociatedIrp.SystemBuffer field contains a kernel-mode copy of the requestor’s input buffer. TheIrp‑>MdlAddress field contains an MDL that describes the requestor’s output buffer. The I/O Manager readies this buffer for the driver to write. As in read and write operations, the driver must call theMmGetSystemAddressForMdlSafe macro to get a kernel-mode pointer to the buffer described by the MDL.

The requestor’s input buffer typically contains a pointer to a command that the driver should interpret or send to the device. The requestor’s output buffer typically is the location to which the driver should transfer the result of the operation.

METHOD_IN_DIRECT IOCTLs

An IOCTL that specifies METHOD_IN_DIRECT or METHOD_DIRECT_TO_HARDWARE requests a write operation to the hardware. METHOD_DIRECT_TO_HARDWARE and METHOD_IN_DIRECT can be used interchangeably.

In METHOD_IN_DIRECT requests, theIrp->AssociatedIrp.SystemBuffer field contains a kernel-mode copy of the requestor’s input buffer. TheIrp->MdlAddress field contains an MDL that describes the requestor’s output buffer. The I/O Manager readies this buffer for the driver to read. As in read and write operations, the driver must call theMmGetSystemAddressForMdlSafe macro to get a kernel-mode pointer to the buffer described by the MDL.

The input and output buffers are typically used in similar ways for METHOD_OUT_DIRECT and METHOD_IN_DIRECT IOCTLs. The requestor’s input buffer contains a command for the driver or device. However, the requestor’s output buffer contains the data for the driver to transfer to the device. In effect, it is a second input buffer.

METHOD_NEITHER IOCTLs

A driver can define IOCTLs that use neither direct nor buffered I/O. METHOD_NEITHER IOCTLs have separate user-mode pointers for input and output buffers:

·         IrpSp->Parameters.DeviceIoControl.Type3InputBuffer points to the input buffer.

·         Irp->UserBuffer points to the output buffer.

 

The input and output buffer addresses are user-mode pointers. Therefore, drivers must validate these pointers before using them, by calling theProbeForRead andProbeForWrite routines within atry/except block. In addition, the driver must copy all parameters to kernel-mode memory (either in the pool or on the stack) before validating them.

Note: For detailed information on probing and on problems commonly seen in driver I/O paths, see the white paper “Common Driver Reliability Issues.”

centos-com
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Handling IRPs.pdf
11-10
Handling IRPs.pdf
Handling IRPs.doc
11-10
Handling IRPs.doc
40、总结IRP,handling IRPs,Part II
weixin_33762130的博客
12-12 102
you must understand the differences between a driver-created synchronous input/output request packet (IRP) and an asynchronous request.  Synchronous (Threaded) IRP Asynchronous (Non-Th...
IOControlCode 控制代码全览
raylinn的博客
01-14 1927
今天写了个小程序,将Winioctl.h里的IO控制代码转化成C#下的enum,以方便用C#控制Windows的设备,做一些底层的操作(比如格式化之类的),奇怪的是我找不到FILE_DEVICE_AVIO这个设备的定义。。。。 下面是无注释版。 如果你想知道某个设备支持哪些control code,你可以用这个工具: http://tbaioctl.codeplex.com/ ...
Handling IRPs 4: Completing an IRP
静故了群动
06-15 787
Completing an IRP When I/O is complete, the driver that completed the I/O calls the IoCompleteRequest routine. This routine moves the IRP stack pointer to point to the next higher location in the
Handling IRPs 10: Optimizations
静故了群动
06-15 726
Optimizations By testing the value of the Irp->PendingReturned field, a driver can take advantage of the pending bit to optimize post-processing work for an I/O request. For example, a driver can u
What Every Driver Writer Needs to Know
lionzl的专栏
05-06 734
Handling IRPs: What Every Driver Writer Needs to Know  Microsoft CorporationJuly 2004The current version of this information is maintained at http://www.microsoft.com/whdc/driver/kernel/IR
CTL_CODE定义说明
crystal0011的专栏
10-25 1019
我们在说DeviceIoControl函数时其第二个参数dwIoControlCode就是由CTL_CODE宏定义的,下边我们可以了解一下CTL_CODE的内容。 CTL_CODE:用于创建一个唯一的32位系统I/O控制代码,这个控制代码包括4部分组成:DeviceType(设备类型,高16位(16-31位)),Access(访问限制,14-15位),Function(功能 2-13位),Met
Driver Development Part 6: Introduction to Display Drivers
在线笔记
10-08 498
http://www.codeproject.com/KB/system/driverdev6asp.aspx?fid=262328 Introduction It has been a while since I have updated this series and I have found some fre
IOCTL(CTL_CODE)
weixin_30691871的博客
10-03 417
IOCTL 下图显示控制代码结果格式: 在wdm.h中定义了一系统宏来解析/反解析IO控制代码: //宏:用来生成IOCTL 和 FSCTL功能控制代码,功能代码0-2047由微软使用,2048-4095供用户使用 #define CTL_CODE( DeviceType, Function, Method, Access ) (((DeviceType) <<...
WDK例子之键盘过滤驱动简单总结
weixin_30795127的博客
06-07 444
/*--Copyright (c) 1998. 1999 Microsoft Corporation Module Name: kbfiltr.c Abstract: Environment: Kernel mode only. Notes: --*/ #include "kbfiltr.h" NTSTATUS DriverEntry (PDRIVER_OBJE...
英飞凌科技推出一款完全整合的PMIC解决方案“IRPS5401”
01-20
IRPS5401是一款完全整合的PMIC解决方案,采用7mm x 7mm 56 pin QFN小型封装,以单一装置取代多个稳压器,非常适合用于目前与未来的高密度ASIC与FPGA应用。  英飞凌科技(Infineon Technologies)推出IRPS5401五输出...
WinDbg Cheat Sheet-计算机科学
04-22
Processors, IRQLs and InterruptsI/O and IRPs Driver VerifierSystem Hardware Information Thread SchedulingRegisters and Exceptions Memory ManipulationDriver Information Power PolicySwishDbgExt (C
IRPs.rar_IRP
最新发布
09-20
IRP手册,理解IRP,操作IRP英文原版,不过网上有中文翻译版,请自己找
Couldn't resolve error 的问题
静故了群动
01-14 4765
1. 若符号存在D:\pathSymbols,输入命令: .sympath SRV*d:\pathSymbols*http://msdl.microsoft.com/download/symbols 2 .[使用!sym noisy命令希望WinDBG在获得符号的时候取得更多的信息,接着使用!lmi命令让WinDBG查看Windows的ntoskrnl模块。然后使用.reload /f
windebug 指令详解
静故了群动
07-17 2529
1. 线程相关 线程命令是以~开始,后面跟线程id(不是tid,是windbg从0开始的一个编号),或者.,#,*等 ~. 表示当前线程 ~# 表示异常或者产生调试事件的线程 ~* 表示所有线程 ~1 表示一号线程 ~2 s 表示选择2号线程作为当前线程 ~3 f 冻结三号线程 ~3 u 解冻三号线程 ~2 n 挂起二号线程 ~2 m 恢复二线程 线程指令还可以与其他指令混合
windbg 和 vmware 单机调试步骤
静故了群动
01-11 1131
转载请注明出处:http://blog.csdn.net/sunboyhch 1 先在vmware里选择调试模式让虚拟机停止,等待windbg发出 g命令。 2 打开windbg,出现断点提示,输入g,虚拟机继续运行。 3 编辑你要调试的源代码,在你需要调试的代码中添加硬断点。如果不添加硬断点,将没有办法进入所调试的程序中。在你需要调试的程序中加入以下代码:  DbgBre
引入内核模式安全字符串函数
静故了群动
01-15 1077
原文地址 http://www.osronline.com/ddkx/kmarch/other_0vfr.htm 一、在内核驱动代码中引入安全字符串函数     有两种方式可以引入安全字符串函数:     如果代码需要在系统为Windows XP及以后版本运行时,可以使用内联的方式;     如果代码需要运行在早于Windows XP时,则必须使用链接库的方式。
Handling IRPs 7: IoCompletion Routines and Asynchronous I/O Responses
静故了群动
06-15 1071
IoCompletion Routines and Asynchronous I/O Responses If a driver sets an IoCompletion routine for an IRP, the IoCompletion routine can check the value of the Irp->PendingReturned field to determine

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值